Somewhere on the Internet there is a photo of me topless. I’m not a celebrity, and this photo was not taken by paparazzi, an ex-boyfriend, or hackers—it was taken by a medical professional. In 2015, I was diagnosed with breast cancer, which was followed by a mastectomy, and then reconstructive surgery. An attendant in the doctor’s office took before and after photos of me for their records, naked from the waist up. I was told that the photos would not include my head, and would go directly to their database—though this was not comforting when the medical assistant whipped out her personal phone to snap the pictures.

As we’re all well aware, there are far too many ways for photos of this nature to get out of control. If automatic backup or online photo library were turned on, the photos would be automatically copied to the cloud where they could be at risk of being hacked, as happened to iCloud in 2014. Now, I realize that I’m not a celebrity, but this is one example of the sometimes nonchalant attitude towards digital security that is the root cause of many, many breaches.

My topless photos are just one of the many privacy concerns I had while going through the process of diagnosis, treatment, and recovery. During one of my first trips to the hospital, I filled out the required forms. Upon completion, watched a tech enter my personal data into a nearby computer, and subsequently drop the paper forms into an unmarked cardboard box. Curious, I continued to eye the box, and a little while later, the janitor came by and dumped the contents of the box into the garbage bin, and then into the dumpster. When I asked the office about it, they said that all paperwork was shredded before being disposed of in the public dumpster—but this was obviously not what I had witnessed.